It’s the technology millions of people use everyday when connecting to wireless headphones or going hands-free with our smartphones, but now cybercriminals are increasingly targeting consumers through Bluetooth. Flipper Zero, a portable hacking tool that can read the signals emitted by wireless devices, has been responsible for a wave of recent Bluetooth attacks on smartphones.
- The popularity of wireless accessories like AirPods is prompting cybercriminals to increasingly target Americans through the Bluetooth settings on their smartphone
- Flipper Zero, a radio-style gadget, has made it easier than ever to crash iPhones and Android devices by overloading them with Bluetooth spam and connection requests
- As well as the threat from the device, dubbed a “Tamagotchi for hackers”, mobile users should be aware of attacks such as bluejacking and the risk of having their location tracked via Bluetooth-enabled fitness trackers
- Cybersecurity company NordVPN has outlined the most common forms of Bluetooth attacks - and what consumers can do to keep their mobiles safe
Using the gadget – known as the “Tamagotchi for hackers” because it resembles the virtual pets – iPhones and some Android devices with their bluetooth on can be spammed with a torrent of connection requests, causing them to crash repeatedly (a Denial of Service, or DOS attack). Flipper Zero can still be bought legally online, but larger retailers like Amazon have now banned its sale.
Marijus Briedis, cybersecurity expert at NordVPN reveals a range of other Bluetooth attacks and hacks that consumers need to be aware of to avoid their data - or device - being burned.
Short and sweet: The best way to stay safe with Bluetooth is to activate it in short bursts. Think of it like a light, and switch it off when you’re not using it.
Bluejacking
“This is a simple attack in which a hacker finds a Bluetooth-enabled device nearby and latches onto it using pairing,” says Briedis. “If they need to authenticate themselves with a password, they can use brute-forcing software – which cycles through multiple combinations until it finds the right one. Once connected they can spam the victim with messages and images.
“While Bluejacking is often more of a nuisance than a significant threat, once a hacker can connect with you easily it’s another route through which they can try to reel you in with scams like phishing or bogus crypto schemes.”
How to avoid: “In the early days of Bluetooth there was a certain thrill in getting a connection request from another user, but accepting one today is a recipe for trouble,” Briedis warns. “Be aware of the devices you regularly sync with Bluetooth and delete anything you don’t recognise - if it’s a mistake you can always easily re-pair later on.”
Bluesnarfing
“This hack is particularly effective on older devices or ones running out-of-date software. Bluesnarfing is where a hacker steals information on your phone via Bluetooth,” says Briedis. It comes from the programming term “snarfing” – meaning to copy over files or data – and can target a range of data including calendars, emails, texts, photos, videos, and your phone book. The hacker needs to download this information fairly quickly, while you’re within a range of about 30 feet.
How to avoid: Briedis says: “Because this type of attack only works at very close range it’s one that you’re most likely to encounter when you’re sat down in public, for example on a bus or in a coffee shop. Make sure to refuse any anonymous Bluetooth connection requests and look out for anyone nearby who seems overly interested in your smartphone.”
Bluebugging
“One of the most dangerous forms of Bluetooth hack, a successful Bluebugging attack will give a cybercriminal complete control over your device, allowing them to listen in on your calls and access any data you have stored,” says Briedis. “Bluebugging usually happens as a result of vulnerabilities in either your smartphone’s Bluetooth settings or those in external wireless devices.”
How to avoid: “Bluebugging exploits the gaps in operating systems and hardware so the best way to prevent becoming a victim is to practise safe digital hygiene and make sure you install regular system and app updates.”
Bluetooth impersonation
While hackers can try to attack through new Bluetooth connection requests, a more subtle method is to disguise their approach by pretending to be an existing paired device or friend.
Briedis explains: “Weaknesses in some Bluetooth communication settings mean a bad actor can trick devices into ‘reconnecting’ with a doppelganger, giving them free access to the system. As Bluetooth Impersonation Attacks occur during the pairing process they are particularly tough to identify.”
How to avoid: “Hackers prey on holes in people’s tech knowledge, and often our impatience to connect our devices,” says Briedis. “A determined cybercriminal could set up multiple Bluetooth connection names, all similar to regular device names in the hope of persuading a user to pair with it. The best way of nipping this attack in the bud is to be aware of the specific names of approved devices and limit the time you have your Bluetooth active.”
BlueBorne attacks
“Similar to Bluebugging, a BlueBorne attack can result in the complete takeover of a smartphone or tablet,” says Briedis. “It also relies on vulnerabilities - in this case a lack of security in the communication between the Bluetooth chip and the main device chip. This means a well-equipped hacker can imitate this connection and use it to sync with a mobile phone without the users’ knowledge and then snoop around to their hearts’ content.”
How to avoid: “Again, regular device and hardware updates will limit the risk of BlueBorne attacks. It also makes sense to restrict the visibility of your Bluetooth device in your phone’s settings and switch off your Bluetooth when not in use.”
Quick Bluetooth security tips
Keep it secret, keep it safe: Turn your Bluetooth off when not in use and avoid using it in public places
Stranger danger: Don’t accept pairing requests from unknown devices and if you receive files via Bluetooth, don’t open them
Firmware foundation: Keep your devices’ firmware updated and remember that older devices without regular support can be more likely to have vulnerabilities
Remember the name: Keep a tab on the devices you have paired with while on Bluetooth, so you don’t connect to an unknown one by accident
Short and sweet: The best way to stay safe with Bluetooth is to activate it in short bursts. Think of it like a light, and switch it off when you’re not using it.